The proliferation of computer viruses, Trojans, and other malicious code in recent years
presented a serious challenge to higher education computer services support programs. 
Outside of higher education, most IT departments mandate anti-virus policies through c( 
management of end-user systems and software. In an academic environment where stU' 
systems are owned by the users and not institutions, however, such an approach is not 
always tenable, and the weaker forces of user education, ... 
The last two years have seen more virus and spyware activity on Windows computers th
the preceding fifteen years. Blaster and Welchia wreaked havoc in the fall of 2003 becau 
most of us had never seen a computer be infected through simple connection to the Inte 
While an individual computer support person has the knowledge to disinfect a computer, 
automation of that process is critical to handling thousands of users with limited support 
Our CD method allows us to update, patch, ... 
General-purpose, commercial software platforms are increasingly used as system buildin
blocks, even for dependable systems. One reason for their generality, usefulness, and p(
adoption is that these software platforms can evolve through ad hoc extensions: behavic
tweaks outside the scope of supported platform interfaces. Unfortunately, such use of in
platform implementation details is fundamentally incompatible with security and reliabilil
Even so, platforms that exclude ad ... 

4 The [216:1 Ratio]: bridging the growing support gap through proactive deployment ( 
Johnathon A. Mohr
services SIGUCCS '06
Philadelphia University has developed radically as an entity since 1992. In 2002-2003, ti
University technology infrastructure was forced to evolve in response to selective pressu
from a series of catastrophic worm (Blaster, Nachi, Sasser) incidents that crippled the 
network. In response, new technologies were deployed to protect the students, faculty a 
staff. The University became more agile and innovative with its technologies and is able 
more with less. The number of support incide ... 
Despite the pervasive use of anti-virus (AV) software, there has not been a systematic s
of the characteristics of the execution of this workload. In this paper we present a
characterization of four commonly used anti-virus software packages. Using the Virtutec
Simics toolset, we profile the behavior of four popular anti-virus packages as run on an I
Pentium IV platform running Microsoft Windows-XP. In our study, we focus on the overhe.
In today's interconnected world, malware, such as worms and viruses, can cause havoc,
malware detector (commonly known as virus scanner) attempts to identify malware. In : 
of the importance of malware detectors, there is a dearth of testing techniques for evalu 
them. We present a technique based on program obfuscation for generating tests for me 
detectors. Our technique is geared towards evaluating the resilience of malware detectoi 
various obfuscation transformations commoni ... 

Keywords: adaptive testing, anti-virus, malware, obfuscation 



7 Intrusion detection and response: MET: an experimental system for Malicious Emai 
Tracking

Manasi Bhattacharyya, Shlomo Hershkop, Eleazar Eskin

September 2002 Proceedings of the 2002 workshop on New security paradigms N! 
'02

Publisher: ACM Press 

Despite the use of state of the art methods to protect against malicious programs, they
continue to threaten and damage computer systems around the world. In this paper we
present MET, the Malicious Email Tracking system, designed to automatically report stati
on the flow behavior of malicious software delivered via email attachments both at a loc< 
global level. MET can help reduce the spread of malicious software worldwide, especially 
replicating viruses, as well as provide furth ... 

Keywords: anti-virus, email attachment, email tracking, virus detection 
As more business activities are being automated and an increasing number of computer*
being used to store sensitive information, the need for secure computer systems becomt
more apparent. This need is even more apparent as systems and applications are being
distributed and accessed via an insecure network, such as the Internet. The Internet lts€ 
become critical for governments, companies, financial institutions, and millions of everyc 
users. Networks of computers support a multitude ... 

9 Shield: vulnerability-driven network filters for preventing known vulnerability exploits
Helen J. Wang, Chuanxiong Guo, Daniel R. Simon, Alf Zugenmaler

August 2004 ACM SIGCOMM Computer Communication Review, Proceedings of th<
2004 conference on Applications, technologies, architectures, and
protocols for computer communications SIGCOMM '04, Volume 34 Issue 
Publisher: ACM Press 

Software patching has not been effective as a first-line defense against large-scale worm
attacks, even when patches have long been available for their corresponding vulnerabilit 
Generally, people have been reluctant to patch their systems immediately, because pate 
are perceived to be unreliable and disruptive to apply. To address this problem, we prop' 
first-line worm defense in the network stack, using shields ~ vulnerability-specific, expic 
generic network filters install ... 

Keywords: generic protocol analyzer, network filter, patching, vulnerability signature, v 
defense 
October 2006 ACM SIGPLAN Notices, ACM SIGOPS Operating Systems Review, A(
SIGARCH Computer Architecture News , Proceedings of the 12th 
international conference on Architectural support for programming 
languages and operating systems ASPLOS-XII, Volume 41 , 40 , 34 lssu< 
5 , 5 

Publisher: ACM Press 

Worms, viruses, and other malware can be ticking bombs counting down to a specific tin
when they might, for example, delete files or download new instructions from a public w 
server. We propose a novel virtual-machine-based analysis technique to automatically 
discover the timetable of a piece of malware, or when events will be triggered, so that oi 
types of analysis can discern what those events are. This information can be invaluable f 
responding to rapid malware, and automating ... 

Keywords: malware, virtual machines, worms 

Spyware poses serious privacy and security issues to users of e-commerce and m-comm
[3, 5, 8]. Microsoft claims that half of all computer crashes reported by its customers we
caused by spyware and its equivalents. Spyware is also responsible for about 12% of all
technical support calls and accounts for the biggest category of customer complaints, 
according to Dell [1]. 

12 Now that we are all so well-educated about spyware, can we put the bad guys out c
business? 
Karen McDowell 

November 2006 Proceedings of the 34th annual ACM SIGUCCS conference on User 

services SIGUCCS '06 
Publisher: ACM Press 


The phenomenon known variously as spyware, adware, or malware has grown exponent 
in the past few years and has been swamping our computer systems, much like email sp 
but significantly worse in every sense of the word. Complicating the matter, the line betvv 
viruses and spyware is rapidly blurring, largely because of the increasing sophistication c 
spyware and the multiplication of "bots." While it is possible that university students are 
more susceptible than the general publl ... 

Keywords: adware, antispyware, bots, greyware, malware, spyware
Michael Vrable, Justin Ma, Jay Chen, David Moore, Erik Vandekieft, Alex C. Snoeren, Geoffr
Voelker, Stefan Savage

October 2005 ACM SIGOPS Operating Systems Review , Proceedings of the twentii 

ACM symposium on Operating systems principles SOSP '05, Volume 3 

Issue 5 

Publisher: ACM Press 


The rapid evolution of large-scale worms, viruses and bot-nets have made Internet malv 
pressing concern. Such infections are at the root of modern scourges including DDoS 
extortion, on-line identity theft, SPAM, phishing, and piracy. However, the most widely u 
tools for gathering intelligence on new malware — network honeypots — have forced 
investigators to choose between monitoring activity at a large scale or capturing behavic 
with high fidelity. In this paper, we describe an approa ... 

Keywords: copy-on-write, honeyfarm, honeypot, malware, virtual machine monitor
Publisher: ACM Press


Modern society is highly dependent on the smooth and safe flow of information over 
communication and computer networks. Computer viruses and worms pose serious thre;
the society by disrupting the normal information flow and collecting or destroying inform 
without authorization. Compared to the effectiveness and ease of spreading worms and 
viruses, currently adopted defense schemes are slow to react and costly to implement. 

This paper proposes an automated email virus detecti ... 

Keywords: contact tracing, transmission chain, worm defense 



15 Spyware: A framework for spyware assessment
Merrill Warkentin, Xin Luo, Gary F. Templeton

August 2005 Communications of the ACM, Volume 48 Issue 8

Publisher: ACM Press 
One of the most challenging problems confronting the IT community is responding to the
threat of spyware. Recent research, legislative actions, and policy changes have been
hastened to counter spyware's threat to the privacy and productivity of both individuals
organizations [2, 10-12].

16 State of the art: Research challenges of autonomic computing 

Jeffrey O. Kephart

May 2005 Proceedings of the 27th international conference on Software engineeri
ICSE '05 , Proceedings of the 27th international conference on Software 
engineering ICSE '05 
Publisher: ACM Press, IEEE Computer Society 


Autonomic computing is a grand-challenge vision of the future in which computing systei 
will manage themselves in accordance with high-level objectives specified by humans. Tl 
industry recognizes that meeting this challenge is imperative; otherwise, IT systems will 
become virtually impossible to administer. But meeting this challenge is also extremely 
difficult, and will require a worldwide collaboration among the best minds of academia ar 
industry. In the hope of motivating researche ... 

Keywords: autonomic computing, research challenges, self-managing systems 
October 2004 Proceedings of the 32nd annual ACM SIGUCCS conference on User

services SIGUCCS '04 
Publisher: ACM Press 


Employees are the greatest threat to an organization's security. Their non-compliance w 
security policies not only threatens the integrity of the system, it also costs the organiza
significant amount of money due to the loss of information or the man-hours spent fixinc 
problems that the user causes. This paper looks at the man-hour cost due to non-compli 
at a branch of a large university. We identified what constituted non-compliance and the 
the IT staff track the number of ... 

Keywords: administrative staff, backup, malware, network, network policy, network se« 
tools, viruses 



18 Technical Session: Barbarians at the gateway, defeating viruses in EDU
Paul Schmehl

October 2001 Proceedings of the 29th annual ACM SIGUCCS conference on User

services SIGUCCS '01 
Publisher: ACM Press 


In this paper I discuss the strategies and techniques that we have used at the University 
Texas at Dallas (UTD) to successfully defend the campus against virus attacks and suggi 
methods for selling these ideas to faculty, staff and students. 

Keywords: anti-virus, blocking, defenses, malicious programs, security, strategies, viru 

19 On incremental file system development 

Erez Zadok, Rakesh Iyer, Nikolai Joukov, Gopalan Sivathanu, Charles P. Wright
May 2006 ACM Transactions on Storage (TOS), Volume 2 Issue 2

Publisher: ACM Press 


Developing file systems from scratch is difficult and error prone. Using layered, or stack? 
file systems is a powerful technique to incrementally extend the functionality of existing 
systems on commodity OSes at runtime. In this article, we analyze the evolution of layei 
from historical models to what is found in four different present day commodity OSes: S' 
FreeBSD, Linux, and Microsoft Windows. We classify layered file systems into five types 
on their functionality and ... 

Keywords: I/O manager, IRP, Layered file systems, VPS, extensibility, stackable file 
systems, vnode 
October 2003 Proceedings of the 2003 ACM workshop on Rapid malcode WORM '03

Publisher: ACM Press 


This paper presents DOME, a host-based technique for detecting several general classes 
malicious code in software executables. DOME uses static analysis to identify the locatioi 
(virtual addresses) of system calls within the software executables, and then monitors tf 
executables at runtime to verify that every observed system call is made from a location 
identified using static analysis. The power of this technique is that it is simple, practical, 
applicable to real-world software, and high ... 
The way software is delivered has changed.

A formal framework for component deployment 
October 2006 ACM SIGPLAN Notices, Proceedings of the 21st annual ACM SIGPLA
conference on Object-oriented programming systems, languages, ar 
applications OOPSLA '06, Volume 41 Issue 10 
Publisher: ACM Press 


Software deployment is a complex process, and industrial-strength frameworks such as 
Java, and CORBA all provide explicit support for component deployment. However, these 
frameworks are not built around fundamental principles as much as they are engineerinc 
The large-scale behavior of routing in the Internet has gone virtually without any formal
study, the exception being Chinoy's analysis of the dynamics of Internet routing informa 
[Ch93]. We report on an analysis of 40,000 end-to-end route measurements conducted 
repeated "traceroutes" between 37 Internet sites. We analyze the routing behavior for 
pathological conditions, routing stability, and routing symmetry. For pathologies, we 
characterize the prevalence of routing loops, erroneous ... 
require us to change some of our underlying assumptions about how we write programs,